Internet Bug Bounty: AddressSanitizer reports a global buffer overflow in mkgmtime() function
https://bugs.php.net/bug.php?id=68027...
Oracle Linux 6 / 7 : php (ELSA-2014-1767)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1767 advisory. - fileinfo: fix out-of-bounds read in ELF note headers (CVE-2014-3710) - xmlrpc: fix out-of-bounds read flaw in mkgmtime (CVE-2014-3668) - core: fix...
php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash...
USN-2391-1 php5 vulnerabilities
Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3668) Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote...
CVE-2014-3668
CVE-2014-3668 affects PHP's XMLRPC extension (the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c). A crafted first argument to xmlrpc_set_type or a crafted argument to xmlrpc_decode can trigger an out-of-bounds read, causing a denial of service (application crash); may enable code execution per some advisories...
PHP 5.4.x < 5.4.34 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.34. It is, therefore, affected by the following vulnerabilities: - A buffer overflow error exists in the function 'mkgmtime' that can allow application crashes or arbitrary code execution. CVE-2014-366...